[openstack-dev] [kolla] Domains support

Dave Walker email at daviey.com
Thu Feb 2 16:07:39 UTC 2017


Try /etc/kolla/config/keystone/domains/keystone.$DOMAIN.conf

Thanks

On 2 February 2017 at 00:20, Christian Tardif <christian.tardif at servinfo.ca>
wrote:

> Will sure give it a try! And from a kolla perspective, it means that this
> file should go in /etc/kolla/config/domains/keystone.$DOMAIN.conf in
> order to be pushed to the relevant containers?
> ------------------------------
>
>
> *Christian Tardif* christian.tardif at servinfo.ca
>
> Please consider the environment before printing this message.
>
>
>
> ------ Original Message ------
> From: "Dave Walker" <email at daviey.com>
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org>
> Sent: 2017-02-01 11:39:15
> Subject: Re: [openstack-dev] [kolla] Domains support
>
> Hi Christian,
>
> I added the domain support, but I didn't document it as well as I should
> have. Apologies!
>
> This is the config I am using to talk to a Windows AD server.  Hope this
> helps.
>
> Create a domain-specific file:
> etc/keystone/domains/keystone.$DOMAIN.conf:
>
> [ldap]
> use_pool = true
> pool_size = 10
> pool_retry_max = 3
> pool_retry_delay = 0.1
> pool_connection_timeout = -1
> pool_connection_lifetime = 600
> use_auth_pool = false
> auth_pool_size = 100
> auth_pool_connection_lifetime = 60
> url = ldap://server1:389,ldap://server2:389
> user = CN=Linux SSSD Kerberos Service Account,CN=Users,DC=example,DC=com
> password                 = password
> suffix                   = dc=example,dc=com
> user_tree_dn             = OU=Personnel,OU=Users,OU=example,DC=example,DC=com
> user_objectclass         = person
> user_filter              = (memberOf=CN=mail,OU=GPO Security,OU=Groups,OU=COMPANY,DC=example,DC=com)
> user_id_attribute        = sAMAccountName
> user_name_attribute      = sAMAccountName
> user_description_attribute = displayName
> user_mail_attribute      = mail
> user_pass_attribute      =
> user_enabled_attribute   = userAccountControl
> user_enabled_mask        = 2
> user_enabled_default     = 512
> user_attribute_ignore    = password,tenant_id,tenants
> group_tree_dn            = OU=GPO Security,OU=Groups,OU=COMPANY,DC=example,DC=com
> group_name_attribute     = name
> group_id_attribute       = cn
> group_objectclass        = group
> group_member_attribute   = member
>
> [identity]
> driver = keystone.identity.backends.ldap.Identity
>
> [assignment]
> driver = keystone.assignment.backends.sql.Assignment
>
> --
> Kind Regards,
> Dave Walker
>
> On 1 February 2017 at 05:03, Christian Tardif <
> christian.tardif at servinfo.ca> wrote:
>
>> Hi,
>>
>> I'm looking for domains support in Kolla. I've searched, but didn't find
>> anything relevant. Could someone point me to how to achieve this?
>>
>> What I'm really looking for, in fact, is a decent way of setting auth
>> through LDAP backend while keeping service users (neutron, for example) in
>> the SQL backend. I know that this can be achieved with domains support
>> (leaving default domain on SQL, and another domain for LDAP users). Or maybe
>> there's another way of doing this?
>>
>> Thanks,
>> ------------------------------
>>
>>
>> *Christian Tardif* christian.tardif at servinfo.ca
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
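
A check for two security-relevant settings in the [ldap] section quoted above, added here as an example (not code from the thread, Kolla or Keystone): whether the bind password would cross the network over a cleartext ldap:// URL, and how user_enabled_mask = 2 classifies Active Directory userAccountControl values. The Keystone option use_tls and the ldaps:// scheme do not appear in the message; the function names and sample userAccountControl values are constructed, and the mask rule is an assumption stated in the code.

```python
import configparser

# Constructed sample: the transport and account-state settings from the
# [ldap] section quoted in the message above.
SAMPLE = """
[ldap]
url = ldap://server1:389,ldap://server2:389
user = CN=Linux SSSD Kerberos Service Account,CN=Users,DC=example,DC=com
password = password
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
"""

def load_ldap(text):
    """Parse a domain config and return its [ldap] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp["ldap"]

def transport_findings(ldap):
    """List URLs where the bind DN and password would be sent unencrypted."""
    start_tls = ldap.getboolean("use_tls", fallback=False)
    findings = []
    for url in (u.strip() for u in ldap.get("url", "").split(",") if u.strip()):
        if url.startswith("ldaps://") or (url.startswith("ldap://") and start_tls):
            continue
        findings.append(f"{url}: cleartext bind (not ldaps://, use_tls unset)")
    return findings

def is_enabled(ldap, user_account_control=None):
    """Assumption: an account counts as enabled unless the bit selected by
    user_enabled_mask is set (value 2 is ACCOUNTDISABLE in Active Directory)."""
    mask = ldap.getint("user_enabled_mask", fallback=0)
    if mask == 0:
        raise ValueError("user_enabled_mask is 0: attribute is not a bitmask")
    if user_account_control is None:  # attribute missing on the LDAP entry
        user_account_control = ldap.getint("user_enabled_default")
    return (int(user_account_control) & mask) != mask

if __name__ == "__main__":
    ldap = load_ldap(SAMPLE)
    for finding in transport_findings(ldap):
        print("WARN", finding)
    for uac in (512, 514, 66048, 66050):  # constructed userAccountControl values
        print(uac, "enabled" if is_enabled(ldap, uac) else "disabled")
```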